1. Field of the Invention
This invention relates to the field of cryptography, including user authentication, document authentication, symmetric key cryptography, public key cryptography, secure communications, secret sharing, and key distribution.
2. Description of the Related Art
Cryptography has become increasingly important with the increased presence of the Internet, an inherently insecure transmission medium. Cryptography enables methods of secure user authentication, which is a prerequisite to performing secure electronic commerce on the Internet.
Typical methods of user authentication are insecure and vulnerable to eavesdropping. For example, suppose that a user Alice wishes to log into a computer over the Internet. A typical authentication process requires Alice to enter her password. This password is typically entered and transmitted in the clear and may be easily intercepted by an eavesdropper Eve as it travels across the Internet, providing Eve with the information necessary to gain exactly the same access privileges as Alice. Cryptography provides secure authentication protocols allowing Eve to eavesdrop on the authentication information without providing her with the necessary information to gain the same access privileges as Alice.
Cryptographic methods of secure user authentication require the storage of sensitive information, typically on a medium such as the hard disk drive of a general purpose computer or the flash memory of a personal digital assistant. With the increasing portability and mobility of such hardware comes the increasing ease of its theft. In one illustrative example, a user travels with a laptop computer containing authentication information stored on its hard disk. This authentication information can be used to make a secure network connection, to log in to a remote host, and to sign email. If the laptop were to be stolen, the thief could then use this stolen information to perform further mischief by masquerading as the user.
One type of sensitive authentication information is a user's private key. A private key is a component of public key cryptography, which enables methods of user authentication as well as secure communications over unsecured channels. Public key cryptography employs a key pair comprising a public key and a private key. One key is used to encrypt a file and the other key is used to decrypt it. The key used to encrypt a file is not useful for subsequently decrypting it. In general, public key cryptography enables a user Alice to authenticate herself to another user Bob by encrypting data provided by Bob with her private key, creating a digital signature. Alice then sends the signature to Bob. Bob then uses Alice's public key to decrypt the signature, which he then compares to the plaintext. Alice is authenticated to Bob if the decrypted and plaintext data match. Implementations of public key cryptography include RSA, Diffie-Helman, ElGamal, and Elliptic Curve Cryptography (“ECC”).
Another type of sensitive information is the output of an authentication token. In one implementation, an authentication token displays a number that changes periodically. The numbers displayed are elements in a pseudorandom sequence. Before the token is used, it is synchronized with a security server so that the security server subsequently knows what number is displayed on the token at any given time. When a user seeks access to a resource administered by the security server, the user sends the server the number currently displayed on the token. The server then authenticates the user by comparing the sent number with the number that the server expects the authentication token to currently display. If they match, the user is authenticated and granted access to the resource. An authentication token can be implemented in hardware or software. In one software implementation, an authentication token includes program code running on the user's laptop.
Another type of sensitive information is a key to a challenge-response protocol. In one implementation of this protocol, the key comprises a number known by the user and an authentication server. Instead of requesting the number directly, the authentication server sends the user an operand. The user performs a mathematical function using the operand and the key and sends the result back to the authentication server, which compares the user's answer with the expected answer. The mathematical function is designed so that it is impractical to discern the key from the operand and the result. A challenge-response authentication protocol can be implemented in software on the user's a general purpose computer.
Sensitive information for secure user authentication can be stored on a variety of hardware. For example, secure user authentication methods may be implemented on a workstation, a desktop computer, a laptop computer, a personal digital assistant, a smartcard, a universal serial bus (“USB”) key, or specialized hardware. This specialized hardware can be small and portable, with form factors similar to a credit card, a gumdrop, or a school ring.
There is a need to protect sensitive information stored on a wide range hardware that is subject to several forms of physical compromise.